Tech titan Apple has admitted a number of its employees’ Mac machines have been compromised, purportedly by the same attackers who hit Facebook.
A small number of Mac machines were hit, reportedly by attackers using the same Java vulnerability and the same “watering-hole” website – a site for iOS developers – serving up the exploit.
Facebook said last week it had tracked the attack on its systems back to China. Twitter was also attacked this year, with fingers again pointed at China. Reports have suggested Twitter was targeted by the same hacking group that went after Apple and Facebook.
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” a statement sent to media from the Cupertino company read.
“The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.
“We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”
Apple is now working closely with law enforcement on the case.
This week, security company Mandiant released a report suggesting a group associated with, or possibly part of, China’s People’s Liberation Army (PLA) was responsible for hitting a large number of English-speaking businesses, many based in the US. China has denied those claims.
Hacks on various media firms, including the New York Times and the Washington Post, have also been attributed to China, which it has also vociferously denied.
As for Java, which is at the heart of many notable recent breaches, Oracle today issued a critical patch update. It covered five vulnerabilities in Java, three of which were rated as critical.
Apple has released an update patching Java 6 for Mac OS X, as well as a Java malware removal tool.
Mac machines with OS X Lion, or a subsequent OS iteration, ship without Java. OS X also disables Java if it goes unused for 35 days.
Are you a security expert? Try our quiz!
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
